It turned out that godaddy.com also sells "starfield" certificates (of which I had one) - so first thing to every newbie out there going with godaddy: godaddy is not equal to godaddy. Best you can get with that one is "marked as trusted".

By saying you can use go daddy they actually do not mean a certificate from the site godaddy.com, but a certificate from godaddy on the godaddy site. And yes you have to figure that out on your own!

Back to my issue:

I had a green lock for 10 days now. Achieving the green lock was like heaven. It turned orange again two days ago and ever since I haven't found any issues or any potential error I might have made.

I did not change anything in my setup.

What I already tried:

I did follow the exact steps.

I did put the exact FQDN in my "Host" Input Field.

I have an A-Type Entry for my Domain Name. (I also have a * and an empty Entry - can this cause any issues?)

I have tried using those certificates like go daddy brings them, which worked fine (for 10 days).

I have tried renaming them from "gd_bundle-g2-g1.crt" and "someRandomChars.crt" to "chain.pem" and "myDomainName.crt" as suggested here: FileMakerPKB

Filemaker Support suggested to double check the intermediate certificate "syntax". But what should I check here? Looks the same all the time. 3 certificates concatenated.

I got the feedback (under the lock icon), that I have a name mismatch. Which I don't.

no www. no other subdomain involved.

I even tried deleting every associated certificate in my keychain. This helped in a way that now it is "valid" (green checkbox sign when I open it) again but still the lock is orange.

Ah and there is one thing I have to mention which I don't get my head around:

I have also tried to use other files as the intermediate certificate I downloaded here: Repository.

This is what filemaker support told me:

After the purchase, you will receive an email from the CA containing your server certificate (yourDomainName.crt) along with additional root and intermediate certificates. The certificate should be in Base64 PEM format. Common extensions are .pem, .crt, or .cer. Since only one intermediate file can be specified during import, the root and intermediate certificates must be concatenated into a single .pem file.

Open each root and intermediate certificate in a text editor, then copy and paste the contents into a single file named "chain.pem". The certificates should be pasted in hierarchical order, starting with the root certificate at the top. The contents of chain.pem should be structured like this:

-----BEGIN CERTIFICATE-----

Root certificate

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

Intermediate certificate 2

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

Intermediate certificate 1

-----END CERTIFICATE-----

This is what I am wondering about. Others had success using the "gdig2.crt"-file. But it is not structured as 3 concatenated certificates.

>>>UPDATE:

I figured out that I only have this issue in my own FMPA 17 on my development machine. If I try with FMPA 16 I have the green lock, if I try another PC I have the green lock too.

But a name mismatch is not possible since I only have the domain, no subdomain - dedicated for the FMS.

>>>UPDATE 2:

I reinstalled FMPA17 and I have my green lock back.

Can anyone provide me with some information how something like this is possible?

Are the certificates for FM17 Client Side fetched and then saved somewhere? I found none in my keychain.
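A structural check for the chain.pem "syntax" question above, as an added example that is not part of the original post and not FileMaker's or GoDaddy's own tooling: it counts the certificate blocks, flags text outside them, and confirms each body is valid Base64 holding one complete DER SEQUENCE. The function names are assumptions and the sample chains are constructed placeholders, not real certificates; hierarchical order and signatures are not checked.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n(.*?)\r?\n-----END CERTIFICATE-----",
    re.DOTALL,
)

def der_length_ok(der: bytes) -> bool:
    """True if der is one ASN.1 SEQUENCE whose declared length fills the buffer."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_chain(text: str) -> dict:
    """Report how many certificate blocks a PEM bundle holds and what is malformed."""
    problems = []
    blocks = PEM_BLOCK.findall(text)
    begins = text.count("-----BEGIN CERTIFICATE-----")
    ends = text.count("-----END CERTIFICATE-----")
    if begins != ends or begins != len(blocks):
        problems.append("unbalanced or damaged BEGIN/END markers")
    if PEM_BLOCK.sub("", text).strip():    # labels, pasted mail text, stray bytes
        problems.append("text outside certificate blocks")
    for i, body in enumerate(blocks, 1):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            problems.append(f"block {i}: invalid base64")
            continue
        if not der_length_ok(der):
            problems.append(f"block {i}: not a complete DER SEQUENCE")
    return {"count": len(blocks), "problems": problems}

# Constructed placeholder: a 5-byte DER SEQUENCE, NOT a real certificate.
_FAKE = base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, 0x01])).decode()

def _pem(b64: str) -> str:
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

GOOD_CHAIN = _pem(_FAKE) * 3               # three concatenated blocks
BAD_CHAIN = _pem(_FAKE) + "Intermediate certificate 2\n" + _pem(_FAKE[:-2] + "!!")
```

Running `check_chain(open("chain.pem").read())` on a bundle shows at a glance whether it holds one certificate or three, which is the difference the post notices between a single downloaded file and the three-block layout support describes.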

I also experienced strange things with GoDaddy SSL certificate and Filemaker Server 17. Weeks after installation, after a small MacOS update, the lock turned orange. Restart, re-install of the certificate, even re-install of FMS didn't help. 2 days later, the lock was green again.????? I only touch an SSL certificate installation when it is absolutely necessary, that's what I learned.